Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/YgPYkE0HXEjCaiLon-XpjmQkLIY.roa
File:                     YgPYkE0HXEjCaiLon-XpjmQkLIY.roa (raw, json)
Hash identifier:          uUN8zdmAkEYpVDiXSJ/lb95t+h4Ye3mIHXA/def7t6s=
Subject key identifier:   62:03:D8:90:4D:07:5C:48:C2:6A:22:E8:9F:E5:E9:8E:64:24:2C:86
Certificate issuer:       /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial:       018CC56DED12B1F77455B67345FBCC83FBEC
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/YgPYkE0HXEjCaiLon-XpjmQkLIY.roa
Signing time:             Mon 01 Jan 2024 14:29:24 +0000
ROA not before:           Mon 01 Jan 2024 14:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59722
IP address blocks:        217.195.76.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:ed:12:b1:f7:74:55:b6:73:45:fb:cc:83:fb:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
        Validity
            Not Before: Jan  1 14:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6203d8904d075c48c26a22e89fe5e98e64242c86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:bc:18:59:8d:a8:bf:88:9b:8e:fb:75:57:39:
                    ae:55:e0:24:a2:6e:eb:cd:a9:c0:07:10:9e:89:57:
                    05:6a:f5:b0:0f:2a:2e:c7:5c:4e:31:2d:dc:0a:92:
                    4b:e8:47:70:db:ec:b3:cf:6c:ab:25:14:a1:50:19:
                    88:69:85:71:45:dc:0d:dd:7b:23:dd:a2:9a:a7:f5:
                    0c:5b:7f:47:16:31:84:35:90:51:a1:1b:53:6f:06:
                    83:15:e3:05:72:16:69:c9:ff:9a:6d:97:2b:80:f1:
                    36:fe:30:78:60:50:d1:dc:67:f1:9d:99:4f:aa:a8:
                    5d:a8:c0:aa:15:ba:dc:89:43:cc:8c:4c:15:88:b9:
                    b6:d7:1d:49:9c:97:f3:20:d2:6b:d1:4f:cb:21:41:
                    55:f0:1b:45:62:4b:e1:c4:ce:c6:a8:c6:d7:b5:16:
                    1f:2b:ec:52:6b:5f:60:94:14:00:29:db:d9:81:13:
                    c2:53:58:03:c2:08:d8:1c:b6:d2:ef:c3:73:6d:e2:
                    cd:d4:bc:06:17:6c:35:e3:f9:6c:d4:11:17:1a:4c:
                    23:d8:4c:18:c3:d0:b2:5b:a1:cf:63:43:aa:4d:97:
                    cf:15:c6:02:74:f5:e4:33:90:9d:68:7b:67:31:b2:
                    ec:02:60:51:fc:a8:1a:7f:75:5a:a5:c5:f8:f1:2f:
                    57:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:03:D8:90:4D:07:5C:48:C2:6A:22:E8:9F:E5:E9:8E:64:24:2C:86
            X509v3 Authority Key Identifier:
                keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/YgPYkE0HXEjCaiLon-XpjmQkLIY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.195.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:21:40:b8:63:1a:9e:8c:9e:f8:5d:d7:0f:4c:05:15:11:2a:
         68:72:5e:cc:95:21:6d:6b:1f:2e:15:63:a2:ce:70:38:41:25:
         ad:e5:9d:f5:c6:12:ad:b8:47:13:f7:89:b0:43:f9:18:5e:d8:
         5b:d7:53:df:b8:17:e7:c4:a4:03:7c:9d:d1:92:99:b6:89:3d:
         a6:8a:fa:1a:66:cc:84:32:eb:93:f6:fd:17:6c:fb:6d:5d:43:
         7f:06:b5:ba:cc:1e:96:7b:a2:81:ea:17:55:3d:9e:40:4b:fa:
         d2:d3:a7:60:d2:b4:3f:70:b1:00:24:36:78:f8:30:ac:17:7f:
         20:49:58:a8:04:b7:ec:a7:dc:d4:4d:7b:c2:47:92:e1:ec:4e:
         16:05:92:7b:2c:c8:68:7a:b7:50:c3:fb:11:3c:b8:21:a2:91:
         65:4a:ab:24:dd:73:66:cd:88:dc:58:a1:b2:d9:f9:bc:8c:39:
         14:1a:85:89:ed:19:4c:be:de:9b:89:8f:2d:85:12:3d:76:34:
         af:ac:ae:56:ed:2f:85:9c:77:a7:ab:e6:cb:01:4e:7a:67:63:
         fe:42:09:a4:12:12:a3:8a:61:9f:67:7e:a9:ef:82:f8:06:5a:
         ce:e1:6d:62:15:8d:23:d0:86:c6:ea:53:bf:61:4a:1a:f4:2e:
         5e:c2:12:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbe0Ssfd0VbZzRfvMg/vsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjQwMTAxMTQyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjAzZDg5MDRkMDc1YzQ4YzI2YTIyZTg5ZmU1ZTk4ZTY0MjQyYzg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAybwYWY2ov4ibjvt1VzmuVeAkom7r
zanABxCeiVcFavWwDyoux1xOMS3cCpJL6Edw2+yzz2yrJRShUBmIaYVxRdwN3Xsj
3aKap/UMW39HFjGENZBRoRtTbwaDFeMFchZpyf+abZcrgPE2/jB4YFDR3GfxnZlP
qqhdqMCqFbrciUPMjEwViLm21x1JnJfzINJr0U/LIUFV8BtFYkvhxM7GqMbXtRYf
K+xSa19glBQAKdvZgRPCU1gDwgjYHLbS78NzbeLN1LwGF2w14/ls1BEXGkwj2EwY
w9CyW6HPY0OqTZfPFcYCdPXkM5CdaHtnMbLsAmBR/Kgaf3VapcX48S9XNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGID2JBNB1xIwmoi6J/l6Y5kJCyGMB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEvWWdQWWtFMEhYRWpDYWlMb24tWHBqbVFrTElZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2cNMMA0G
CSqGSIb3DQEBCwUAA4IBAQADIUC4YxqejJ74XdcPTAUVESpocl7MlSFtax8uFWOi
znA4QSWt5Z31xhKtuEcT94mwQ/kYXthb11PfuBfnxKQDfJ3Rkpm2iT2mivoaZsyE
MuuT9v0XbPttXUN/BrW6zB6We6KB6hdVPZ5AS/rS06dg0rQ/cLEAJDZ4+DCsF38g
SVioBLfsp9zUTXvCR5Lh7E4WBZJ7LMhoerdQw/sRPLghopFlSqsk3XNmzYjcWKGy
2fm8jDkUGoWJ7RlMvt6biY8thRI9djSvrK5W7S+FnHenq+bLAU56Z2P+QgmkEhKj
imGfZ36p74L4BlrO4W1iFY0j0IbG6lO/YUoa9C5ewhKm
-----END CERTIFICATE-----